external/curl · ef2a96fb236369271cb0f06451f02f0cca4d1569 · LibreOffice / core

curl: upgrade to release 7.65.0 · edb01616

Michael Stahl May 22, 2019 yazdı

Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.

Apparently there's no code in LO that uses the CURLU_URLENCODE flag.

The other one, CVE-2019-5436, doesn't matter because we disable tftp.

Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl@cib.de>

edb01616

Adı	Son kayıt (commit)	Son güncelleme
..
ExternalPackage_curl.mk		Loading commit data...
ExternalProject_curl.mk		Loading commit data...
Makefile		Loading commit data...
Module_curl.mk		Loading commit data...
README		Loading commit data...
UnpackedTarball_curl.mk		Loading commit data...
clang-cl.patch.0		Loading commit data...
curl-7.26.0_win-proxy.patch		Loading commit data...
curl-msvc-disable-protocols.patch.1		Loading commit data...
curl-msvc.patch.1		Loading commit data...
curl-nss.patch.1		Loading commit data...
zlib.patch.0		Loading commit data...

README